The National Cyber Security Centre (NCSC) has warned that cyber attackers are carrying out spear-phishing attacks on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC).

Working with its US counterparts including the FBI, the NCSC has urged individuals to stay vigilant to targeted attempts and to sign up to cyber defence services.

The NCSC said the malicious activity is targeted against individuals with a connection to Iranian and Middle Eastern affairs, such as current and former senior government officials, senior think tank personnel, journalists, activists and lobbyists. The US has also observed targeting of persons associated with US political campaigns.

Cyber hackers have been observed impersonating contacts over email and messaging platforms, building a rapport with targets before soliciting them to share user credentials via a false email account login page. The bad actors can then gain access to victims’ accounts, exfiltrate and delete messages and set up email forwarding rules.

The NCSC believes this activity poses an ongoing threat to various sectors worldwide, including in the UK.

To reduce the chances of compromise, the NCSC has advised individuals at risk to follow the mitigation steps outlined by its advisory group and to take up the NCSC’s dedicated support for high-risk individuals, including by signing up for free cyber defence services.

“The spear-phishing attacks undertaken by actors working on behalf of the Iranian government pose a persistent threat to individuals with a connection to Iranian and Middle Eastern affairs,” said Paul Chichester, NCSC director of operations. “With our allies, we will continue to call out this malicious activity, which puts individuals’ personal and business accounts at risk, so they can take action to reduce their chances of falling victim.”

---